You can also download this document as a pdf.
Exeter Eye LLP (we, us and our) respects your privacy and is committed to protecting your personal Patient Privacy Notice
Exeter Eye LLP (we, us and our) respects your privacy and is committed to protecting your personal data. This privacy notice provides information on how we collect and process your personal data when you receive ophthalmology services from us.
It is important that you read this privacy notice together with our website privacy policy (see below)
1. Important information and who we are
Exeter Eye LLP is the data controller and responsible for your personal data.
If you have any questions about this privacy notice or our data protection practices, please contact us using the following details:
Email: info@exetereye.co.uk
Post: Admiral House, Grenadier Road, Exeter Business Park, Exeter EX1 3QF
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity Data including first name, maiden name, last name, marital status, title, date of birth, gender and information obtained from video and audio recording systems such as CCTV or telephone calls.
- Contact Data including billing address, email address and telephone numbers.
- Financial Data including includes bank account and payment card details.Transaction Data including details about payments to and from you and other details of products and services you have purchased from us.
- Special Categories of Personal Data including details about your race or ethnicity, sex life, sexual orientation, information about your health, medical records and treatment plans, genetic and biometric data.
3. If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with ophthalmology services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of a contract: where we need to perform the contract, we are about to enter into or have entered into with you.
- Legal obligation: where we need to comply with a legal obligation.
- Research: we may process your personal data (including Special Categories of Personal Data) to carry out research. When we use your data for research purposes, we will ensure that appropriate safeguards are in place, such as using the minimum amount of data needed or making sure you cannot be identified by the data.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose / Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
To register you as a new patient | a) Identity b) Contact | Performance of a contract with you |
To deliver our services, including: Managing payments, fees and charges Collecting and recovering money owed to us | a) Identity b) Contact c) Financial d) Transaction | a) Performance of a contract with you b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: notifying you about changes to our terms or this privacy notice responding to complaints and communicating with you about your care | a) Identity b) Contact | Performance of a contract with you Necessary to comply with a legal obligation |
Communicating with other healthcare professionals about your care | a) Identity b) Contact c) Special Categories of Personal Data | Necessary for our legitimate interests (to ensure that other healthcare professionals involved in your care are aware of your treatment) Article 9 condition for processing Special Categories of Personal Data: health or social care under Article 9(2)(h) UK GDPR |
To comply with our legal and regulatory obligations | a) Identity b) Special Categories of Personal Data | To comply with our legal obligations Article 9 condition for processing Special Categories of Personal Data: public interest in the area of public health Article 9(2)(i) UK GDPR |
To monitor our premises using CCTV, in particular: a) to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime; b) for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime; c) to support law enforcement bodies in the prevention, detection and prosecution of crime; d) to assist in day-to-day management, including ensuring the health and safety of staff and others; and e) to assist in the defence of any civil litigation | a) Identity | Necessary for our legitimate interests (to ensure the safety of our patients and security of our premises) |
To enable us toparticipate in researchprogrammes | a) Identity (limited in so far as possible to nonidentifiable information) b) Special Categories of Personal Data | Article 6 lawful basis: legitimate interests in conducting and participating in research Article 9 condition for processing Special Categories of Personal Data:scientific or historical research and statistical purposes under Article 9(2)(j) UK GDPR |
To publish your reviews on our website, including reviews published on Google and Trustpilot | a) Identity (where you have provided this information) | Necessary for our legitimate interests in publishing reviews submitted in respect of our services |
5. How we share your personal data
We may share your personal data with the parties set out below:
- Service providers acting as processors as set out in our website privacy policy who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.Your general practitioner (GP) and other medical professionals.
- Your insurance provider (where your insurer is contributing towards the cost of your treatment).
- Regulatory authorities such as the CQC, the Independent Sector Complaints Adjudication Service (ISCAS), the Royal College of Ophthalmologists and the General Optical Council.
- Third party organisations for the purpose of participating in research.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
6. International transfers
Please review our privacy policy at https://www.exetereye.co.uk/privacy-policy-cookies/ for details of how we deal with international transfers of data.
7. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the Information Commissioner’s Office, the UK regulator for data protection issues (www.ico.org.uk). More detail can be found in our privacy policy which can be accessed at https://www.exetereye.co.uk/privacy-policy-cookies/.
8. Data retention
Please review our privacy policy at https://www.exetereye.co.uk/privacy-policy-cookies/ for details of how we determine how long to retain your personal data.
Patient records will be kept for 8 years from the date of the last data entry, in line with the time period required under relevant legislation.
By law we must keep financial information about our patients for six years after they cease being patients.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use that information without further notice to you. Once you are no longer a patient we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Share this:




